From: garvinhicking
Date: Wed, 16 Aug 2006 08:28:32 +0000 (+0000)
Subject: Support HTTP-Authentication (especially for RSS feeds)
X-Git-Tag: 1.1~130
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=2bd9648158289f3030590e08cc7af65bb157c2f7;p=s9y.git
Support HTTP-Authentication (especially for RSS feeds)
---
diff --git a/docs/NEWS b/docs/NEWS
index 386d713..ba2b85d 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,5 +1,20 @@
 # $Id$
+Version 1.1-beta2 ()
+------------------------------------------------------------------------
+
+ * Added ability to use HTTP Authentication to the blog. Can be
+ triggered by submitting HTTP Auth credentials [only supported when
+ the server runs with mod_php, not as CGI]. Authentication can be
+ forced URLs with the "?http_auth=true" parameter, which
+ will then send a "401 Unauthorized" header.
+ If your server does not support mod_php, you can submit REQUEST
+ variables: ?http_auth_user=XXX&http_auth_pw=YYY.
+ Note that specifying username and password in the URI will lead
+ to password disclosure in HTTP logfiles.
+ This feature is most importantly meant for RSS-feeds, to make
+ RSS readers able to submit login credentials. (garvinhicking)
+
 Version 1.1-beta1 (August 14th, 2006)
 ------------------------------------------------------------------------
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 2408335..ae6dab9 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -477,7 +477,7 @@ function serendipity_authenticate_author($username = '', $password = '', $is_md5 if (is_array($row)) { serendipity_setCookie('old_session', session_id()); $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username; - $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $$row['realname']; + $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $row['realname']; $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password; $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email']; $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid']; diff --git a/rss.php b/rss.php index 876bfa3..c574e77 100644 --- a/rss.php +++ b/rss.php @@ -4,6 +4,7 @@ header('Content-Type: text/xml; charset=utf-8'); session_cache_limiter('public'); + include('serendipity_config.inc.php'); include(S9Y_INCLUDE_PATH . 'include/functions_rss.inc.php'); @@ -101,6 +102,10 @@ default: break; } +if (isset($serendipity['serendipityRealname'])) { + $title .= ' (' . LOGIN . ': ' . $serendipity['serendipityRealname'] . ')'; +} + if (!empty($serendipity['GET']['category'])) { $cInfo = serendipity_fetchCategoryInfo((int)$serendipity['GET']['category']); $title = serendipity_utf8_encode(htmlspecialchars($title . ' - '. $cInfo['category_name'])); diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php index d2b429a..66ad451 100644 --- a/serendipity_config.inc.php +++ b/serendipity_config.inc.php 
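Review bot: In rss.php the feed is still sent under `session_cache_limiter('public')` (context of the first rss.php hunk), while the `$title .=` line added in the second hunk makes the response depend on who is logged in, so a shared proxy or cache could store one author's authenticated feed and serve it to other clients. When `$serendipity['serendipityRealname']` is set, the response should be marked non-shareable, for example `header('Cache-Control: private, no-cache');` next to the new `$title .=` line, assuming no output has been sent by that point. The real name is profile data and is concatenated unescaped here. The category branch just below passes `$title` through `htmlspecialchars()`, but the non-category path lies outside the hunk, so confirm that it escapes the title as well before it reaches the XML.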
@@ -27,7 +27,7 @@ if (IS_installed === true && !defined('IN_serendipity')) { include(S9Y_INCLUDE_PATH . 'include/compat.inc.php'); // The version string -$serendipity['version'] = '1.1-beta1'; +$serendipity['version'] = '1.1-beta2'; // Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'. $serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true); @@ -79,6 +79,10 @@ if (!isset($serendipity['use_PEAR'])) { $serendipity['use_PEAR'] = true; } +if (!isset($serendipity['useHTTP-Auth'])) { + $serendipity['useHTTP-Auth'] = true; +} + // Should IFRAMEs be used for previewing entries and sending trackbacks? $serendipity['use_iframe'] = true; @@ -245,6 +249,21 @@ serendipity_load_configuration(); */ if (IS_installed === true) { + // Import HTTP auth (mostly used for RSS feeds) + if ($serendipity['useHTTP-Auth'] && (isset($_REQUEST['http_auth']) || isset($_SERVER['PHP_AUTH_USER']))) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + header("WWW-Authenticate: Basic realm=\"Feed Login\""); + header("HTTP/1.0 401 Unauthorized"); + exit; + } else { + $serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER']; + $serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW']; + } + } elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) { + $serendipity['POST']['user'] = $_REQUEST['http_auth_user']; + $serendipity['POST']['pass'] = $_REQUEST['http_auth_pw']; + } + serendipity_login(false); }
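Review bot: The `elseif` branch in the last hunk of serendipity_config.inc.php is not covered by `$serendipity['useHTTP-Auth']`: with the flag set to false the first condition fails, yet `http_auth_user`/`http_auth_pw` from `$_REQUEST` are still copied into `$serendipity['POST']` and handed to `serendipity_login(false)`, so the switch introduced in the `@@ -79,6 +79,10 @@` hunk (default `true`) cannot turn the parameter login off. Gate that branch as well, e.g. `} elseif ($serendipity['useHTTP-Auth'] && isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) {`. `$_REQUEST` can also carry cookie values depending on the PHP configuration, and query-string passwords end up in server logs, proxy logs and Referer headers, so reading only the intended source and documenting that this fallback needs HTTPS would narrow the exposure. In the Basic-auth branch `$_SERVER['PHP_AUTH_PW']` is read without an `isset()` check.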